It has been a while since I used Tripwire but I believe you manually run it to detect changes - I think HIDS have two components - one checks at the network level - the other looks at system logs for specific events - both in close to real time. One assumption is that system logs are recording changes to system configuration settings - Advantage of HIDS is the detection in real time of this change - it also eases the burden of having to run Tripwire repeatedly. The security person only needs to run Tripwire if it detects a HIDS alert.

-----Original Message-----
From: Ron Gula [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 5:25 AM
To: Rivera,Angel L.; [EMAIL PROTECTED]
Subject: RE: using HIDS for change control

Yes. Tripwire does this. Their underlying technology detects change.

Ron Gula, CTO
Tenable Network Security

On Thu, 25 Aug 2005 5:21am, Rivera,Angel L. wrote:
> Does anyone on this list know of a sponsor that is using HIDS to monitor
> changes to a system's (Unix & Windows) configuration?
>
> The goal is to build a server according to specs (this would include
> hardening of the OS + agency specific security settings) then use a HIDS
> to detect and alert on any changes.
>
> Theoretically speaking, I know this can be done, but is anyone doing
> this?

--rgula
